Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
The Future of Intelligence Management
44 Plays1 month ago
Financial Intelligence Units regularly issue industry risk assessments in mature jurisdictions and share their enforcement priorities.
But how do you keep up? How do you manage intelligence effectively? What challenges do you face?
David Wildman of Meerkat Sentinel Consulting breaks down the essential elements of intelligence management.
The Future of the Financial Crime Podcast is a production of Arctic Intelligence, an award-winning Regulatory Technology (RegTech) business that transforms financial crime risk assessments to help protect your business.
Recommended
Transcript
Intro and Guest Introduction
00:00:00
Speaker
How are you handling your intelligence management? How do you define it? In this episode, David Wildman from Meerkat Sentinel Consulting talks about the importance of intelligence management gives a few tips on how to get it right. This is the future of financial crime, a production of Arctic Intelligence, a podcast that takes a global perspective on financial crime compliance.
00:00:20
Speaker
You need to be really selective and sometimes even a bit ruthless in saying, what feeds am I going to listen to and what feeds am I not going to listen to Welcome to the Future of Financial Crime. I am your host, Kwame Slusher, and today we have another very special guest.
00:00:38
Speaker
Today we have David Wildman, Principal of Meerkat Sentinel.
David Wildman's Career Journey
00:00:42
Speaker
Welcome, David. how are you doing? Thank you very much, Kwame. Great to be here. Yeah, no, definitely. So I think just to give the audience a bit of a tease, we're going to be talking a little about intelligence management.
00:00:54
Speaker
ah But before we define that and we keep them on the edge of their seats about what that means, tell me a bit about yourself and your role and how do you got into it. Yeah, thank you. Look, I joined the New South Wales and later the Australian Federal Police.
00:01:11
Speaker
um I was very fortunate in my career to be involved in some really complex and challenging investigations here in Australia and overseas. um I was actually also posted to Hong Kong and I managed a lot of the law enforcement relationships and information and intelligence exchanges with partners in Kong.
00:01:31
Speaker
Hong Kong, Japan, Korea, for example. I then moved into business intelligence in Hong Kong and Singapore, and that's where I completed a Master of International Business.
00:01:42
Speaker
My focus and my thesis there was on the application of anti-money laundering, anti-bribery, anti-corruption frameworks for international supply chains.
Focus on Financial Crime Intelligence
00:01:55
Speaker
And after returning to Sydney, I worked for Austrac. And similarly, I focused in on international information exchanges um and ah agreements with international financial intelligence units. Now, for about the last five years, I've um i've been in corporate roles in first and second line roles, predominantly for IML, CTF, and sanctions, as well as fraud, bribery, and corruption. And those ah you know the diligence around those frameworks um has been something that I've continued to focus on. And one of my key areas for my advisory work and the focus with Meerkat Sentinel is to continue bringing those robust requirements
00:02:34
Speaker
battle rhythms of financial crime intelligence and risk assessment processes, um all of those elements into risk management programs.
Defining Intelligence Management
00:02:45
Speaker
So you mentioned intelligence in many different contexts in your description of yourself just now, but I think we're so specifically looking at intelligence management. so I know there might be a definition. i know there might be multiple definitions, depending on who's talking about this, but what's your definition of intelligence management?
00:03:06
Speaker
yeah Yeah, look, it's a really important point. um And it's something that senior executives and boards need to nail and they need to define it, get really comfortable with what it is and what it isn't to them.
00:03:21
Speaker
And that goes all the way through as we'll talk about what are the information sources and feeds, what are we going to use or not use for our intelligence and also what gets done.
00:03:33
Speaker
with the intelligence and all of their reports. And so intelligence management has to be yeah really in the context of the organization itself and its and its business environment. And as you said, there sort of textbooks have been written on intelligence and intelligence management and can be tactical or strategic, um geopolitics, all the way through to industries and sectors. um For financial crime, I borrowed um you know some techniques from auditing and I've done a crosswalk ah across legislation from Australia, UK, US, looked at the FATF as
Regulatory Expectations and Challenges
00:04:10
Speaker
well. And whether it's anti-money laundering, bribery, fraud, corruption,
00:04:15
Speaker
Most of the legislative um regulatory frameworks really only talk about the outcomes from financial intelligence, the stuff that your financial intelligence program should ah help you with, and that is to have a risk-assessed program, monitor your customers, have controls, respond to things. Yeah.
00:04:35
Speaker
The Financial Action Task Force, for example, IO6, just talks about having a financial intelligence function to detect and disrupt financial crime. But there isn't much in the way of strict obligations, rules and regulations that defines how the management of intelligence or financial intelligence should occur.
00:04:57
Speaker
So you mentioned FATF and the IO6. Can you i talk a little bit about who FATF is for those who might be unaware of that organization and talk a little bit about IO6 itself as well?
00:05:08
Speaker
Yeah, sure. Yeah, the Financial Action Task Force, FATF, is a global organization, best to think of it as a sub-United Nations organization.
00:05:19
Speaker
ah Currently, I'm going to say about 146 member countries, and so it's very much a collaborative body. um which has 40 recommendations. and And these are sort of technical recommendations where they ask countries to submit or fulfil to a certain number of obligations around doing a risk assessment um on their channels, their products, making sure that there are laws in place, ah establishing a financial intelligence unit, encouraging that countries exchange information and intelligence with one another.
00:05:56
Speaker
After the FAT of 40 recommendations were developed, they also developed what's called immediate outcomes. And the 12 immediate outcomes, it's akin to testing, ah suppose, the operating effectiveness, how well countries actually operationalize some of those recommendations.
00:06:13
Speaker
It's all well and good to have the legislation and and the laws in place, but if no one's actually doing anything, you'll fail your I.O. um And as I mentioned, IO6, immediate outcome 6, really refers to encourages countries to detect and disrupt financial crime, making effective use of financial intelligence.
Organizational Intelligence Definitions
00:06:36
Speaker
With that, you know having FADF and having intelligence units in different jurisdictions attempting to translate what FADF expects in those spaces, what are some of the biggest challenges that companies might face when it comes to intelligence management?
00:06:50
Speaker
First and foremost, as I've said, it's just important to nail that definition because if you don't nail that definition, then your challenges are going to be quite lengthy and and quite complex. Now, this might be a bit controversial, but I always say for a practitioner, often the best definition of intelligence or good intelligence is – whatever the boss or whatever your client says it is, you know if they're happy with it, then it's good intelligence. If they're not, they're not. Now, look, that might cause some people to scratch their eyebrows and object to it a bit. But what what I actually say that for is to get people to challenge their thinking and the lens that they apply to what intelligence is and what they're going to do with it and what the problem set actually is
00:07:34
Speaker
And what are you going to do with intelligence and what are you not going to do with it? I mean, in a law enforcement context, there can be over-the-horizon intelligence, there can be typologies about emerging security threats, and there can be day-to-day intelligence support for...
00:07:50
Speaker
specific investigation teams. They might identify where Mr. X's legitimate business income comes from to be able to give that to forensic accountants and then they can analyse what the illicit sources might be. And that's a really good example there as to an intelligence sequence that's working about methodically collecting information, analysing it and disseminating it to someone specific to do something specific with.
00:08:19
Speaker
That, however, might not be relevant to people that are doing strategic or emerging threat analysis. So as I said, it's important to put some tent pegs around how you're going to deal with some of the traditional challenges and pain points.
00:08:33
Speaker
I mean, if you Google or Now, chat GPT, what are the challenges in intelligence management? You you will get a ah long list of information overload, data quality, um difficulties in converting information to relevant actions and and those types of things. But if you're not sort of taking that lens as to, yeah, what does it really mean for my business and how we're going to use that intelligence, then the the challenges just continue to to multiply.
00:09:04
Speaker
In my mind, you'll struggle if you don't get these definitions and the feeds for processing intelligence right. The roles and the
Effective Intelligence Management Practices
00:09:13
Speaker
responsibilities can be blurred.
00:09:15
Speaker
ah Furthermore, it can make it difficult to justify resourcing, investment in systems and investment in training. I've seen a lot of teams in the first line of defense or the second line of defense in banks being called a financial intelligence unit.
00:09:32
Speaker
Now, they might actually just have all of the escalated transaction monitoring alerts or the screening alerts um sent to their area for analysis. that They might have to do enhanced customer due diligence and read other regulatory updates.
00:09:49
Speaker
um Now, if they're not properly resourced and they don't have all of the documentation and the processes, then they're probably going to struggle and have all of those challenges that the chat GPT list ah tells you about.
00:10:03
Speaker
There can also be some challenges around performance expectation. If the business is asked, are you getting good financial intelligence ah from the f FIU area? And it hasn't been defined and agreed as to what the team is actually going to do.
00:10:18
Speaker
then if you're audited, you're probably then going to be coming up looking for how you're going to prove that your intelligence management cycle was working. So, yeah, if you're going to look at a technology solution even, then the basics need to be right. If you don't have that intelligence cycle well-defined and embedded, you could just be throwing some good technology at a bad system.
00:10:43
Speaker
In the vein of that question of the biggest challenges, of if we get down to very broadly speaking businesses, are they getting this right generally? Or are there some some perennial challenges that you see across the board in terms of figuring out intelligence management?
00:11:02
Speaker
Yeah, it's really good to look at where it is being done well and then sort of take those characteristics and and apply it to to many other areas um to make sure that it continues to work well in the areas that ah often aren't done well.
00:11:16
Speaker
I see that intelligence management as an industrialized process is often done very well. in many frontline and first-line anti-money laundering teams.
00:11:28
Speaker
It's also done well in cybersecurity and also physical security teams. And if I can explain this, it's it's often that if a transaction monitoring or a name or a payment alerting system triggers,
00:11:41
Speaker
And this could be an intrusion detection trigger that's come out of a firewall as well that a cyber team would look at. There's often a very well-documented sequence of predefined, particularized steps and actions that are taken.
00:11:57
Speaker
So these can be thought of as the industrialized version of information and intelligence management. But here's the rub. Sometimes the respective anti-money laundering program or it could be an anti-corruption and bribery program might not actually describe that as an intelligence management cycle.
00:12:17
Speaker
So when it comes to being audited or and asked to prove the effectiveness of that cycle, people might then be sort of cobbling together various reports and metrics and it doesn't have that consistency and there are gaps in that processes.
00:12:32
Speaker
So where where intelligence management isn't always done very well, is unpacking that vast volume a library that we get a regulator, ah industry reports, typology reports, and benchmarking reports.
00:12:49
Speaker
um There are a lot of these, and it's it's just like setting all of your transaction monitoring threshold alerts or the fuzzy logic around your name screening alerts, you need to be really selective and sometimes even a bit ruthless in saying, what feeds am I going to listen to and what feeds am I not going to listen to?
00:13:10
Speaker
you may need to decide, and your executives and your board have also got to be comfortable with this, is to what lists what adverse media feeds, be that from international media, local media,
00:13:23
Speaker
social media, blogs, are you going to trust? And which other ones are you not going to
Enhancing Intelligence Processes with Examples
00:13:29
Speaker
worry about? There might be some industry or some regulator reports that just you know aren't relevant, but you should document those and say, I'm not listening to those because with the time and resources I've got, I have to listen to these feeds.
00:13:43
Speaker
And once you've catalogued all of those, you need to put them into a register. And to give you an example, if you take an Austrac typology report about emerging abuse of cryptocurrencies and and ATMs, for example, that needs to be logged in a register when you get It needs to be scheduled and allocated for someone to look at, break down, analyze, and send it to the business.
00:14:08
Speaker
So if I can take the model before of the first line teams that are looking at those thousands of transaction monitoring alerts, because it's being done in such a repeat, robust, industrialized way, you should be doing that for all of these more complex typology and methodology reports as well.
00:14:28
Speaker
That can be really hard to do. And sometimes so I break it down and and say, you need to be looking at what laws are involved here, what act and section of the legislation does this report relate to, and also what parts of the business involved.
00:14:45
Speaker
What are the who, what, where, how, whens and whys are relevant for this particular report? And straight away, you can start saying, okay, so if this report is about organized criminals using ATMs to convert cash to crypto, that then starts helping you formulate the report and say, okay, am I looking at customer identification?
00:15:09
Speaker
screening, risk scoring, or does this report really relate to our card channels and product areas? And so then as you go through the report, that helps give you some consistent methodologies as to what's going to happen to that report.
00:15:27
Speaker
And then some people might get the report as an FYI, out of interest. Other areas, however, might then get a more specific approach section of the report, which simply says you really need to revisit some transaction monitoring thresholds, some name screening alerts, or we need to really look into our debit credit and ATM channels and make sure that they're quite hardened and robust against what this Austrac report is telling me.
00:15:55
Speaker
And once that's in the register, that's then something that the auditors or Austrac would look at it and say, you know what, you got that report and you actually managed it really well.
AI and Machine Learning in Intelligence Management
00:16:04
Speaker
That's perfect. I don't really have any follow-up questions for you because you have very comprehensively answered most of those questions.
00:16:11
Speaker
So I think we can come down to the final bit. What is coming? you know What are the threats on the horizon to consider? And what words of wisdom do you have for financial crime professionals in this space who are just trying to get this right? Look, I think as well, there's there's obviously quite ah you know many efforts and exuberance to get technology solutions to do this, whether there's AI that can help you with financial intelligence.
00:16:38
Speaker
And I really take the view that you've got to get to that maturity point. in your actual processes before a tech solution can really be used super effectively and implemented well. um Once you know your data sources, ah the intelligence feeds that I've mentioned before, get some repeatable processes that are relevant to the business and that can be validated on three, six, 12 monthly cycles and that the board and the senior executives are really happy with that cycle.
00:17:12
Speaker
Then once you implement an AI tech machine learning system over the top of that, it can be configured to really automate many of those processes and procedures. But as well, you can then put your hand on your heart and say, look, the process itself,
00:17:27
Speaker
um has a lot of integrity and it's very, very robust and the technology is simply helping us to bring consistency, repeatability and digitization to that process.
00:17:38
Speaker
I would then say, look, take all of the battle scars that people have learned from anti-money laundering, CTF and sanctions programs. And it's equally applicable across anti-fraud, bribery, corruption, even third party and supplier management problems in the business.
00:17:57
Speaker
um To give you one example, you may set up an adverse media screening alert for your third parties um and your suppliers, perhaps in foreign jurisdictions or even here in Australia as well.
00:18:10
Speaker
And there's an expectation from the regulators that you are doing this, um that you're monitoring your suppliers and so forth.
The Intelligence Cycle and Risk Assessment
00:18:17
Speaker
But if the adverse media reports are actually triggering and the teams are getting emails, if if the contract manager is actually getting an email that there's been a problem at one of your suppliers – This could be a flood, a fire, or the executive's being arrested for corruption.
00:18:34
Speaker
And there's no set repeatable processes as to what you do. okay I need to call that supplier. I need to call that vendor. We perhaps need to get our audit team to come in, trigger our audit clauses.
00:18:48
Speaker
ah you know Then you don't have that repeatable, robust intelligence management cycle. Right. So the advice that I can give there is that this intelligence cycle can really be infused and laminated to your risk assessment and your compliance processes.
00:19:05
Speaker
Everything that comes through your intelligence cycle can be relevant for the description of your controls. It can be relevant as to how well or how thorough your audit teams might need to go into the design adequacy or the operating effectiveness of your controls.
00:19:22
Speaker
And importantly, your management and your metrics reporting for your board. If your board can actually see that you have dealt with X number of reports from the audit team, Y number of reports perhaps from the ah HR, the finance team, and that you've examined them, and this is the way that I've examined them, and here's the people who then got the analysed report, they can then get comfortable that they've got quite a robust ah financial intelligence management system in place.
00:19:55
Speaker
the The last piece that I'll say as well is the follow-up. That intelligence cycle has always got to repeat itself and you've got to schedule and calendarize meetings and make sure that those intelligence assessment reports were put in for lunch and
Final Advice and Conclusion
00:20:09
Speaker
learns. This doesn't have to be rocket science, by the way. It can simply be, did you get that intelligence report?
00:20:15
Speaker
Was it relevant to you? Did you have a lunch and learn about it and tell the team? Were there rules either in the transaction monitoring system, payment screening, or the the threshold settings for the fuzzy logic and your name screening that you changed?
00:20:30
Speaker
And has it been helpful? Have you reduced the false positives perhaps? Have you increased the volume of um exits of customers that are really high risk? And has it maybe saved you some time in being able to then look at some other higher priority areas?
00:20:48
Speaker
And in managing an an intelligence team, as I said before, they're really super important things to be able to show to the business ah that you're a very valuable function of the organization.
00:20:59
Speaker
Thank you so much for your time on the podcast, David. You're welcome. Thanks very much. This has been a production of Arctic Intelligence. And the music is a production by Royalty Freed Music.